After a two-year court battle, Yahoo has agreed to pay $50m in compensation for losses to 200 million US and Israeli consumers who brought a class action lawsuit against the firm.
The class action related to a data breach in 2013 that is estimated to have affected three billion accounts worldwide.
Yahoo, now part of Verizon’s Oath business, has also agreed to pay up to $35m in legal fees and provide affected users with credit-monitoring services for two years, reportedly worth $350 each.
The $50m fund will pay compensation to small business and individuals to claim back costs for losses associated with the breach, such as identity theft.
The fund will compensate Yahoo account holders at a rate of $25 an hour for time spent dealing with issues caused by the breach, according to the preliminary settlement.
Those with documented losses can claim up to 15 hours of lost time, or $375. Those who cannot document losses can file claims for up to five hours, or $125.
Also, those who paid for premium Yahoo email services will receive a 25% refund.
The settlement deal is still subject to approval from US district judge Lucy Koh at a hearing scheduled for 29 November.
The settlement costs will be shared equally between Oath and Altaba, the holding company that owns what is left of Yahoo following Oath’s acquisition of Yahoo’s core business.
Read more about Yahoo’s data breaches
- US authorities have arrested a man in Canada who has been charged alongside two Russian intelligence officers and a Russian hacker in connection with a 2014 data breach at Yahoo affecting 500 million accounts.
- The theft of the email addresses and other account details of 500 million Yahoo users is a golden opportunity for cyber criminals working with bad-bots.
- Yahoo’s data breaches cost its top lawyer his job, CEO Marissa Mayer millions in bonuses, and $350m off its sale price, highlighting the importance of executive involvement.
In February 2017, Yahoo reportedly accepted a $350m reduction on the original $4.83bn sale to Verizon because of the 2013 breach, originally said to have affected just one billion accounts, and a subsequent breach affecting 500 million accounts in 2014.
The original deal was signed in July 2016, but in November, Yahoo admitted for the first time in a US Securities and Exchange Committee (SEC) filing that some staff knew that a state-sponsored hacker had accessed its network shortly after an attack in 2014.
In a May 2017 filing with the SEC, Yahoo said that about 43 consumer class-action lawsuits had been filed against the company.
In September 2018, Altaba revealed that it had agreed to pay $47m to settle three legal cases related to the landmark security breach, according to TechCrunch.
Altaba previously paid a $35m fine imposed by the SEC for Yahoo’s delay in disclosing the breach to investors.